Privacy Policy

1. Who we are

Normado is operated from Amsterdam, the Netherlands. We provide an AI-powered compliance and security management platform for businesses operating in the European Union.

For questions about this policy, contact us at normado.io@outlook.com.

2. What data we collect

When you use Normado, we collect:

• Account information: email address and name when you sign up
• Onboarding data: answers to the onboarding questionnaire (company size, industry, tech stack, compliance goals)
• Generated content: security policies and compliance documents created through the platform
• Usage data: how you interact with the platform (pages visited, features used)
• Waitlist data: email address if you join our waitlist

3. How we use your data

We use your data to:

• Provide and improve the Normado platform
• Generate tailored security policies based on your company profile
• Send you product updates and relevant communications (you can opt out)
• Analyze usage patterns to improve the product

4. AI-generated content

Normado uses Anthropic's Claude API to generate security policies. When generating policies:

• Your company context (from onboarding) is sent to the API to customize the output
• Anthropic's API does not use your data to train their models
• Generated policies are stored in your Normado account and are not shared with other users
• We have a Data Processing Agreement with Anthropic covering GDPR requirements

5. Where your data is stored

All data is stored in the European Union:

• Database: Supabase, hosted in AWS EU (Ireland)
• Application: Vercel, with EU edge functions
• We do not transfer your data outside the EU except for AI API calls (covered by Anthropic's DPA and standard contractual clauses)

6. Data retention

We retain your data for as long as your account is active. If you delete your account, we will delete all associated data within 30 days. Waitlist emails are retained until you unsubscribe or we launch, whichever comes first.

7. Your rights (GDPR)

Under the GDPR, you have the right to:

• Access: request a copy of your personal data
• Rectification: correct inaccurate data
• Erasure: request deletion of your data
• Portability: receive your data in a structured format
• Object: object to processing based on legitimate interests
• Restrict: request restricted processing in certain circumstances

To exercise any of these rights, contact normado.io@outlook.com.

8. Cookies

We use essential cookies for authentication and session management. We do not use advertising cookies or tracking cookies from third parties.

9. Security

We implement appropriate technical and organizational measures to protect your data, including encryption at rest and in transit, access controls, and regular security reviews.

10. Changes to this policy

We may update this policy from time to time. We will notify registered users of significant changes via email.